sality | 5c05c7b7bace103ed8af779d5f383ca53eb5ce84fa9430ed2c95b8050915c23d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

46fc9c3f0b...18.exe

windows7-x64

3

46fc9c3f0b...18.exe

windows10-2004-x64

Sharing

General

Target

46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118
Size

215KB
Sample

240714-w136yavbrh
MD5

46fc9c3f0b2cb404b5d2f55e76886763
SHA1

55dad8f50b2b17271623bb3f3923c1e963a26d91
SHA256

5c05c7b7bace103ed8af779d5f383ca53eb5ce84fa9430ed2c95b8050915c23d
SHA512

2a116940b6882654ac5d2c33e0a00078a96673c7b53883f1e9887835153ad11e28439d27ac535a3fb9ab2e395c7ada081744e2455601b47c1164a72395906d12
SSDEEP

3072:FzAKb/OW+OTwgkNZ0UMKRovRrHTyxL/zZy9TNz+E4Gm4Rq13bnPoMbLwAyS8c/je:Fv/OW+OT6f+rHTyxJFE4GmJ/D+Oqz0Cz

Score

10^/10

sality backdoor evasion persistence privilege_escalation trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118.exe

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118.exe

Resource

win10v2004-20240709-en

sality backdoor evasion persistence privilege_escalation trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118
- Size
  
  215KB
- MD5
  
  46fc9c3f0b2cb404b5d2f55e76886763
- SHA1
  
  55dad8f50b2b17271623bb3f3923c1e963a26d91
- SHA256
  
  5c05c7b7bace103ed8af779d5f383ca53eb5ce84fa9430ed2c95b8050915c23d
- SHA512
  
  2a116940b6882654ac5d2c33e0a00078a96673c7b53883f1e9887835153ad11e28439d27ac535a3fb9ab2e395c7ada081744e2455601b47c1164a72395906d12
- SSDEEP
  
  3072:FzAKb/OW+OTwgkNZ0UMKRovRrHTyxL/zZy9TNz+E4Gm4Rq13bnPoMbLwAyS8c/je:Fv/OW+OT6f+rHTyxJFE4GmJ/D+Oqz0Cz
Score

10^/10

sality backdoor evasion persistence privilege_escalation trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasionpersistenceprivilege_escalationtrojanupx

© 2018-2025

Terms | Privacy